The Splitting of Primes in Division Fields of Elliptic Curves

The Splitting of Primes in Division Fields of Elliptic Curves W.Duke and Á. Tóth Introduction Dedicated to the memory of Petr Cižek Given a Galois extension L/K of number fields with Galois group G, a fundamental problem is to describe the (unramified) primes p of K whose Frobenius automorphisms lie in a given conjugacy class C of G. In particular, all such primes have the same splitting type in a sub-extension of L/K. In general, all that is known is that the primes have density C / G in the set of all primes, this being the Chebotarev theorem. For L/K an abelian extension Artin reciprocity describes such primes by means of their residues in generalized ideal classes of K. In the special case that L is obtained explicitly by adjoining to K the n-th division points of the unit circle we have that G GL 1 (Z/nZ) = (Z/nZ) and the Frobenius of p is determined by the norm N(p) modulo n. If K = Q (cyclotomic fields) we have that G = GL 1 (Z/nZ) and any abelian extension of Q occurs as a subfield of such an L for a suitable n (Kronecker-Weber). Here the Chebotarev theorem reduces to the prime number theorem in arithmetic progressions. In a similar manner an elliptic curve E over K gives rise to its n-th division field L n by adjoining to K all the coordinates of the n-torsion points. Now L n is a (generally non-abelian) Galois extension of K with Galois group G, a subgroup of GL 2 (Z/nZ) (see [13]). In this paper we will give a global description of the Frobenius for the division fields of an elliptic curve E, which is strictly analogous to the cyclotomic case. This is then applied to determine the splitting of primes in fields contained in L n or, as we shall say, uniformized by E. As observed by Klein (see [8]), such fields include a large class of non-solvable quintic extensions. Our aim in this application is to provide an arithmetic counterpart to Klein s solution of quintic equations using elliptic functions. Supported by NSF grant DMS-98-01642, the Clay Mathematics Institute and the American Institute of Mathematics Supported by a Rackham grant 1

By using CM curves we can uniformize all abelian extensions of imaginary quadratic fields. A classical application here is the result of Gauss that x 3 2 factors completely modulo a prime p > 3 if and only if p = x 2 + 27y 2 for integers x and y (see [2]). One way to derive this is to determine the Frobenius class of p in the field obtained by adjoining to Q the x-coordinates of the 3-division points of the elliptic curve given by y 2 = x 3 15x + 22, which has CM by the quadratic order of discriminant -12. Analogous results for non-solvable quintics require non-cm curves. Consider the quintic f(x) = x 5 + 90x 3 + 3645x 6480, which has discriminant (2) 12 (3) 16 (5) 5 (7) 6. Its splitting field has Galois group S 5 over Q. It follows from the results of this paper that f(x) factors completely modulo p > 7 if and only if p = x 2 25 p y 2 where p is the discriminant of the ring of endomorphisms of the elliptic curve y 2 = x(x 1)(x 3) reduced mod p. The first two such primes are 1259 and 1951 for which 1259 = 31 and 1951 = 51 and where 1259 = (22) 2 + 25 31 1 2 and As can be checked, 1951 = (26) 2 + 25 51 1 2. f(x) (x + 734)(x + 322)(x + 26)(x + 851)(x + 585) mod 1259 and f(x) (x + 1029)(x + 1222)(x + 839)(x + 1771)(x + 992) mod 1951. In the non-cm case p is not determined by arithmetic progressions in p. A goal of this paper is to complement that of Shimura [15] by pointing out the role of p in such questions. Acknowledgement: We would like to thank N. Katz for his helpful comments. 2

Outline of results. Given an elliptic curve E defined over a number field K and a prime ideal p in O K of good reduction for E we shall define an integral matrix σ p of determinant N(p) whose reduction modulo n gives the action of the Frobenius for L n, the n-th division field of E. Let a p be defined as usual by #E p (k) = N(p) a p + 1 (1) where E p is the reduction of E at p and is defined over k, the residue field of p, which satisfies #k = N(p) = p r. Let R be the ring of those endomorphisms of E that are rational polynomial expressions in the Frobenius endomorphism φ p. If φ p is multiplication by an integer then R = Z and we define p = 1 and b p = 0. Otherwise the ring R is the centralizer of the Frobenius endomorphism in the endomorphism ring of E p over k and is an imaginary quadratic order whose discriminant we denote by p. Then we shall see that p does not divide the conductor m of p and that there is a unique positive integer b p so that 4N(p) = a 2 p p b 2 p. (2) We associate to p the following integral matrix of determinant N(p): [ ] (ap + b σ p = p δ p )/2 b p b p ( p δ p )/4 (a p b p δ p )/2 where for a discriminant we have δ = 0, 1 according to whether 0, 1 mod 4. We shall show that σ p gives a global representation of the Frobenius class over p for each n-th division field of E by reducing it modulo n, provided p is prime to n. Theorem 1. Let E be an elliptic curve defined over a number field K and n > 1 an integer. Let L n be the n-th division field of E with Galois group G over K. Let p be a prime of good reduction for E with N(p) prime to n. Then p is unramified in L n and the integral matrix σ p defined in (3), when reduced modulo n, represents the class of the Frobenius of p in G. (3) The proof we give of this uses the theory of canonical lifts of endomorphisms due originally to Deuring. In analogy with the cyclotomic case, we have associated to each curve a sequence of prime power matrices, defined in terms of arithmetic data from the reduced elliptic curve that give the Frobenius in all of the division fields. Let C be a conjugacy class of G and let π E (X; n, C) be the number of primes p of good reduction with N(p) X such that σ p C 0 mod n for some C 0 C. By the Chebotarev theorem [1] we derive the following strict analogue of the prime number theorem in progressions for the sequence σ p : π E (X; n, C) C G π K(X) 3

as X, where π K (X) counts all primes of K with N(p) X. Of more interest for us here is the fact that the splitting type of p in any field between K and the n-th division field L n is determined by σ p mod n. For example we get immediately a criterion for complete splitting in the full division field in terms of the invariants a p and b p modulo n, provided n is odd. Corollary 1. Let E be an elliptic curve defined over a number field K and n > 1 an odd integer. Then p a prime of good reduction for E with N(p) prime to n splits completely in L n if and only if a p 2 mod n and b p 0 mod n. For a discriminant let Q (x, y) = x 2 + δxy (( δ)/4)y 2 be the principal form where δ = 0, 1 according to whether 0, 1 mod 4. For p a prime of good reduction for E we get a representation with integral x, y upon using the change of variables N(p) = Q p (x, y) (4) x = (a p b p δ p )/2 y = b p (5) in (2). This representation is primitive if p is ordinary. Let L + n be the extension of K obtained by adjoining only the Weber functions of the n-th division points, that is the x-coordinates unless j(e) = 0 or j(e) = 1728, in which case we must first cube or square the coordinates, respectively. By Theorem 1 we can determine which sufficiently large ordinary primes split completely in L + n from any such primitive representation. Corollary 2. Let E be an elliptic curve defined over a number field K as above and n 1 an integer. Then there is a constant C 0 depending only on E and n so that for every ordinary prime p of K with N(p) > C 0 we have that p splits completely in L + n if and only if x ±1 mod n and y 0 mod n in any primitive representation N(p) = Q p (x, y). If E has CM by the ring of integers in an imaginary quadratic field of discriminant then the splitting completely condition in L + n becomes simply N(p) = Q (x, y) with integers x ±1 mod n and y 0 mod n. Actually, suppose we take for E the elliptic curve with lattice given by the ring of integers of an imaginary quadratic field F of discriminant and take K = F (j(e)), the Hilbert class field of F. It follows from Corollary 2 that a sufficiently large rational prime 4

p splits in L + n iff p = Q (x, y) with integers x ±1 mod n and y 0 mod n. This is a well known result of CM theory. Another simple consequence in the CM case, this time of Corollary 1, is that the conditions #E p (k) 0 mod n 2 and N(p) 1 mod n, which are clearly necessary for p of good reduction to split completely in L n, are also sufficient, at least when n is odd. Our main application is to describe the primes that split completely in certain non-solvable quintic extensions M/K. Suppose M is given by adjoining to K a solution of a principal quintic over K: f(x) = x 5 + ax 2 + bx + c = 0 and that the discriminant of f is D. Suppose further that the Galois group of the normal closure L of M is S 5 and that 5D K. Theorem 2. Let M/K be a non-solvable quintic extension as above. There exists an elliptic curve E defined over K so that a prime p of K that has good reduction for E and is prime to 5 splits completely in M if and only if b p 0 mod 5 where b p is associated to the elliptic curve E. In general we have the following determination of the splitting type of p: ( ) a 2 (N(p) ) p 4N(p) Splitting type of p in M 5 5 (1)(2) 2 1 1 (1)(4) 1 1 (1) 2 (3) 1 1 (1) 3 (2) 1 1 if 5 a p (2)(3) 1 1 if 5 a p (5) 0 if 5 b p (1) 5 0 if 5 b p Concerning the determination of E from f, it is enough to find the j-invariant of E. Explicit computations are provided below. We remark that it is also possible to formulate a similar result for A 5 extensions of K under otherwise identical assumptions. Furthermore, by allowing the elliptic curve to be defined over a quadratic or a biquadratic extension of K one can uniformize all non-solvable quintic extensions. It is also possible to explicitly uniformize certain degree 7 extensions whose normal closure have Galois group simple of order 168 by using the seventh division fields of elliptic curves (see [11] and the references cited there.) By Theorem 1 one can similarly characterize the primes with a given splitting type in such extensions. 5

A global representation of the Frobenius In this section we will prove Theorem 1 and its corollaries using an approach that compares the action of the Frobenius on the prime-to p division points with the action of the matrix (3) on Z 2. Let E be an elliptic curve defined over a number field K. Let p be a prime ideal in O K with residue field k E p, the reduction of E mod p (it is assumed that E has good reduction at p). That p is unramified in the field L n is well known, see e.g. [14] VII. 4. Also note that there is nothing to prove when φ p Z, so we will assume throughout that this is not the case. The idea of the proof is that modulo p the curve E can be replaced by a curve Ẽ with complex multiplication so that the following diagram commutes: red E[n] E p [n] red Ẽ[n] F P φ p φp E[n] red E p [n] red Ẽ[n] where as usual [n] stands for the n-division points on the curves in the algebraic closures of the appropriate fields. We now explain this diagram in detail. To simplify matters we fix a Weierstrass equation for E as in [14] III. 1. Let K, k be the algebraic closures of K, k. To specify the horizontal maps red we choose an embedding of K into the algebraic closure K p of K p, the completion of K at the valuation arising from p. We call the subgroup of torsion points whose orders are relatively prime to p the p -torsion. Then the p -torsion points on E(K) is mapped into the p -torsion of E(K p ) and this being defined over an unramified extension, reduction modulo a prime P above p maps this latter group into the p -torsion of E(k). Both of these maps are isomorphisms on p torsion. This is the map red for reduction, though as explained above it depends on many choices. Note that after these choices are made there is a unique element F p Gal(Kp unram /K p ) that satisfies F p (t) t #k mod P, for all t Kp unram. We are interested in the action of the Frobenius automorphism φ p Gal(k/k) on the k-valued points. In terms of the Weierstrass equation for E, this action on the coordinates is simply (x, y) (x #k, y #k ). By abuse of notation we also denote this action and the restriction of it to the n-division points by φ p. Now the commutativity of the left half of the diagram is merely a restatement of the choices made above. By Deuring s lifting theorem ([4], [9] p.184), there exists an elliptic curve Ẽ defined over K p and an endomorphism φ p of Ẽ so that Ẽ reduces to E p modulo po p and that φ p End(Ẽ) reduces to φ p End(E p ). If E is super-singular φ p will be defined over a ramified extension. Reduction still makes sense since φ p is an endomorphism and not a Galois automorphism. This shows the commutativity of the right half of diagram (6). (6) 6

To prove our theorem we need to determine the endomorphism ring S of Ẽ. Recall that the ring R p defined in the introduction is the centralizer of φ p in the endomorphism ring of E p and is a quadratic order. We claim that S is isomorphic to R. Since R S, Deuring s reduction theorem implies equality if we can show that the conductor of R is prime to N(p), a fact that is trivial in the ordinary case and follows from [18] in the super-singular case. Let p be the discriminant of R p. By choosing a complex square root of p we identify R p with a lattice in C. After this identification φ p corresponds to some complex number φ = (a p + b p p )/2. Clearly the lattice R is preserved by multiplication by φ and leads to the integral matrix (3), where we may choose b p 0. Instead of R one could in fact use any lattice whose endomorphism ring is R. To finish the proof of Theorem 1, consider an embedding α of the algebraic closure of K p into C. It allows us to view Ẽ as an elliptic curve over the complex numbers, which we denote E α. Since E α has complex multiplication by R and Gal(C/Q) acts transitively on the set of elliptic curves with R as its endomorphism ring, we may and will assume the j(e α ) = j(r). By choosing a non-trivial holomorphic differential ω on Ẽα appropriately the lattice of periods { γ ω : γ H 1(Ẽα, Z} = R. Then the period mapping Π : Ẽα C/R is a biholomorphic isomorphism of complex analytic manifolds. The action of φ p on Ẽ defines an endomorphism of Ẽα and gives rise to a map φ on R. Since the Frobenius automorphism φ p satisfies a quadratic equation φ 2 p a p φ p + N(p) = 0. (7) φ can be identified with multiplication by one of the complex roots of this equation i.e. multiplication by φ : R R (viewed as complex numbers). Getting back to the n-division points we can again summarize the situation in the following diagram: Ẽ p [n] α Ẽα[n] n Π R/nR φ p φ α φ (8) Ẽ p [n] α Ẽα[n] n Π R/nR where n Π is the period map followed by multiplication by n. This proves Theorem 1. Remark: If E is replaced by an Abelian variety V then p is still unramified [16] and the left square of diagram (6) makes sense. If in addition V has ordinary reduction at p then the right square in diagram (6) generalizes as shown by Deligne [3] (and therefore the whole proof works). However the general case leads to substantial difficulties [10]. Corollary 1 is an immediate consequence of Theorem 1. 7

We now prove Corollary 2. Let E be an elliptic curve defined over a number field K as above and n 1 an integer. Let p be a prime of ordinary reduction for E. Given a primitive representation p r = Q p (x, y) we know that x and y are uniquely determined up to (proper or improper) automorphs of Q p. If p > 4 and x ±1 mod n and y 0 mod n then it follows that [ ] x + δy y σ p mod n (9) y( p δ p )/4 x and hence that p splits completely in L + n. If j = j(e) is not 0 or 1728 then for p with N(p) sufficiently large we have that p > 4. To see this write j = α/β for α, β O K. We know that j j(r p ) mod p. If j(r p ) = 0 or 1728 then assuming that j j(r p ) 0 we have N(p) max( N(α), N(α 1728β) ). In case j = 0 or j = 1728 the altered definition of L + n leads again to the result. Finally we prove the consequence of Corollary 1 mentioned below Corollary 2 above that, in the CM case, a prime of good reduction p splits completely in L n if a p N(p) + 1 mod n 2 and N(p) 1 mod n, provided n is odd. Since these conditions immediately imply that a p 2 mod n, by Corollary 1 we only must show that n b p. By our assumption we get, using that a 2 p (N(p) 1) 2 + 4N(p) 4N(p) mod n 2 4N(p) = a 2 p p b 2 p, n 2 p b 2 p. For a CM curve with fundamental the only possible prime dividing the square part of p is 2. In fact, p = for ordinary p and for super-singular p we have p = p or p = 4p, where N(p) = p r. Since n is odd this implies that n b p. Quintics In the section we prove Theorem 2 and justify the general splitting criteria given after it as well as the example given in the introduction. Let M be given by adjoining to K a root of a principal quintic f(x) = x 5 + ax 2 + bx + c = 0 8

defined over K. If the discriminant of f is 5 times a square then, by means of a Tschirnhausen transformation ([5] p.218.) we may assume that M is determined by a Brioschi quintic f t (x) = x 5 10tx 3 + 45t 2 x t 2 1 for some t K with t 0, 1728. It was shown by Kiepert [6] already in 1879 (see [7] for an exposition) that M is contained in L + 5 for any elliptic curve E over K with j-invariant 1728 t 1. Recall that L + 5 is in this case obtained by adjoining to K the x-coordinates of the 5 division points. One can take for instance the curve E t given by E t : y 2 + xy = x 3 + 36tx + t. (10) If the splitting field of f over K is an S 5 extension then it must be the fixed field of the subgroup of scalars of G since P GL 2 (F 5 ) S 5. Theorem 2 now follows easily from Theorem 1. A calculation of conjugacy classes based on the identification of S 5 with P GL 2 (F 5 ) leads to the determination of the splitting type of a prime p of good reduction for E t that is prime to 5. Recall that A GL 2 (F 5 ) is called regular if it has different eigenvalues. Clearly A is regular if the discriminant of the characteristic equation tr(a) 2 4 det(a) is non-zero. Given such A its conjugacy class is determined by its trace and determinant. It is clear that the values of the following Legendre symbols ( ) ( det(a) tr(a) 2 ) 4 det(a) σ = and ρ = 5 5 are determined by the conjugacy class of A in P GL 2 (F 5 ). Now in case the characteristic polynomial of A splits, that is ρ = 1, the matrix A is conjugate to a diagonal matrix in GL 2 (F 5 ) and so the value of σ already determines the cycle type of such matrices. When ρ = 1 one must take into account whether tr(a) 0 or 0 mod 5. For A non-regular tr(a) 2 4 det(a) = 0 and one needs to know if A is semi-simple or unipotent. This information cannot be extracted from the trace and determinant alone, but it is determined by the value of b p. All that remains to be done is to identify each conjugacy classes with its cycle type. The example in the introduction is obtained by taking K = Q and t = 32 2 8 5. 2 Here we observe that since E has four 2-torsion points over Q both a p and b p will be even for p with good reduction. Thus the representation 4p = a 2 p p b 2 p yields p = x 2 p y 2 and the condition for splitting completely is that y 0 mod 5, since x and y are determined uniquely up to sign. 9

Some computational issues In this section we discuss some of the computational issues that arise when considering examples. First, given a principal quintic (slightly modified from above) f(x) = x 5 + 5ax 2 + 5bx + c = 0 (11) defined over K with discriminant D such that 5D K we must determine t so that the Brioschi quintic f t (x) = x 5 10tx 3 + 45t 2 x t 2. (12) determines the same extension. This is done using a Tschirnhausen transformation and is described in detail in [7], p 103. (see also [5] p.218.) Here we will simply record the result in the case a 0. We must find t, λ and µ in the map x λ + µx (x 2 /t) 3 (13) in order to transform the general principal quintic (11) to the Brioschi quintic (12). An analysis using invariant polynomials for the icosahedral group acting on the Riemann sphere leads eventually to the quadratic equation for λ given by (a 4 + abc b 3 )λ 2 (11a 3 ac 2 + 2b 2 c)λ + 64a 2 b 2 27a 3 c bc 2 = 0. The discriminant of this quadratic is 5 5 a 2 D and so λ K. Choose either solution and let Then, provided j 0, 1728 we can take j = (aλ2 3bλ 3c) 3 a 2 (λac λb 2 bc). t = 1/(1728 j) in (12) and choose for the elliptic curve any curve with this j invariant, say E t : y 2 + xy = x 3 + 36tx + t as in (10). Also, one determines µ in (13) to be given by µ = ja2 8λ 3 a 72λ 2 b 72λc λ 2. a + λb + c 10

Note that the discriminant of f t is while that of E t is D t = 5 5 t 8 (1728t 1) 2 t(1728t 1) 2. Another issue is to compute the invariants p and b p in the rational case. An important study of p was made by Schoof in [12]. The most straightforward way to determine b p and to find the order R that appears in Deuring s theorem is to check all the possible singular invariants until we find one that is congruent to the given j-value modulo p. (Note that the discriminant of R must divide a 2 p 4p.) We assume that our input is an elliptic curve E, given in Weierstrass equation, and p is a prime number that does not divide the discriminant of E. After computing a p we find p for an ordinary curve as follows; we first compute the square-free part D of a 2 p 4p and then create a vector whose values are all possible discriminants = b 2 D (a 2 p 4p). For a possible conductor, we find the class group C( ) of the proper ideal classes (using quadratic forms) and compute the integer X = (j(e) j(λ)). Λ C( ) Note that the canonical lift Ẽ is distinguished by the fact that its endomorphism ring is R and that j(e) j(ẽ) mod P for some prime P dividing p. Therefore for any complex embedding α : Q p C, α(j(ẽ)) {j(c/λ) : Λ C p }, where p is the actual discriminant of R. Also note that if Λ C for p, then the corresponding elliptic curve reduces to a curve whose endomorphism ring has discriminant for any place above p. Therefore p is uniquely characterized by the fact that X p 0 mod p. Occasionally the computation of X involves complex numbers of rather large size. To make the algorithm efficient, one needs to determine the needed precision in advance. Assume that the lattices are given in the form Z + Zτ i, with τ i in the upper half plane. Then the number of significant digits one must use is approximately log(j(e)) + 2πIm(τ i ) log(10) τ i It follows from Lemma 2.2 of [12] that the required precision is approximately of size p.. 11

Below we present various tables giving information about the invariants of the family of elliptic curves associated as above to the quintic E t : y 2 + xy = x 3 + 36tx + t f t (x) = x 5 10tx 3 + 45t 2 x t 2. We made use of pari-gp in these computations. t=1 t=2 t=3 t=4 p p a p b p p a p b p p a p b p p a p b p 2-7 -1 1 - - - -7-1 1 - - - 3-8 -2 1-11 1 1 - - - -8-2 1 5-11 3 1 - - - -16 2 1-19 -1 1 7-24 2 1-12 -4 1-19 -3 1-24 -2 1 11 - - - -43 1 1-28 4 1-40 -2 1 13-12 2 2-13 0 1-27 5 1-51 1 1 17-8 -6 2-59 -3 1-52 4 1-43 -5 1 19-60 -4 1-67 3 1-15 4 2-72 2 1 23-76 -4 1-56 -6 1-56 6 1-56 -6 1 29-28 -2 2-29 0 1-100 -4 1-35 -9 1 31-24 10 1-24 10 1-31 0 1-88 -6 1 37-123 5 1-84 -8 1-139 3 1-147 1 1 41-8 -6 4-139 -5 1-128 6 1-83 -9 1 43-156 4 1-39 4 2-7 12 2-72 -10 1 47-172 -4 1-152 6 1-184 2 1-152 6 1 53-211 -1 1-176 -6 1-176 6 1-52 -2 2 59-232 2 1-211 -5 1-172 8 1-40 14 1 61-75 13 1-61 0 1-36 -10 2-36 -10 2 67-232 -6 1-147 11 1-187 9 1-264 -2 1 71-140 12 1-248 -6 1 - - - -248 6 1 73-123 -13 1-123 -13 1 - - - -291-1 1 79-300 -4 1-300 4 1-291 -5 1-252 8 1 83-83 0 1-331 1 1-136 -14 1-316 4 1 89-187 -13 1-355 -1 1-89 0 1-80 -6 2 97-88 -6 2-43 -1 3-363 -5 1-96 -2 2 The invariants for the elliptic curves E t for the first 25 primes ( indicates that the curve has bad reduction.) 12

t=1 t=2 t=3 t=4 p p a p b p p a p b p p a p b p p a p b p 541-492 14 2-1680 -22 1-1539 25 1-2115 7 1 547-2088 -10 1-1827 19 1-351 -28 2-1992 -14 1 557-1939 -17 1-2224 2 1-464 42 1-532 10 2 563-563 0 1-419 24 2-2188 -8 1-1676 24 1 569-1051 35 1-2107 13 1-1792 -22 1-1835 21 1 571-2184 -10 1-2275 -3 1-375 -28 2-168 46 1 577-528 14 2-576 2 2-2139 13 1-496 18 2 587-2204 -12 1-551 12 2-1324 32 1-584 42 1 593-1283 33 1-2203 13 1-1076 36 1-152 -42 2 599-2392 -2 1-2296 10 1-2140 -16 1-1240 -34 1 601-2115 17 1-2379 -5 1-376 30 2-227 19 3 607-984 38 1-2412 4 1-607 0 1-984 -38 1 613-147 10 4-1876 24 1-1723 -27 1-324 -34 2 617-2107 19 1-88 -46 2-164 48 1-88 46 2 619-1032 -38 1-955 39 1-47 -28 6-1800 -26 1 631-924 40 1-1228 -36 1-2235 -17 1-1368 34 1 641-2483 -9 1-632 -6 2-2420 12 1-560 -18 2 643-1416 34 1-2563 -3 1-1611 -31 1-2536 -6 1 647-2264 18 1-2444 -12 1-284 -48 1-2188 -20 1 653-2603 -3 1-2036 -24 1-2608 -2 1-652 -2 2 659-2440 14 1-623 12 2-2312 -18 1-1736 -30 1 661-2619 5 1-2640 2 1-1419 -35 1-1915 -27 1 673-39 -14 8-1851 -29 1-2571 -11 1-2643 -7 1 677-2179 23 1-1808 30 1-2224 22 1-2267 -21 1 683-2056 -26 1-2563 -13 1-428 -48 1-2156 24 1 691-300 8 3 - - - -495-28 2-2620 12 1 The invariants for the elliptic curves E t for the primes from p 100 = 541 to p 125 = 691. 13

t=1 t=2 t=3 t=4 p p a p b p p a p b p p a p b p p a p b p 7927-236 172 3-14284 -132 1-5991 88 2-31608 -10 1 7933-28011 61 1-16848 -122 1-12411 -139 1-116 166 6 7937-7888 14 2-18979 113 1-28148 60 1-31387 19 1 7949-22771 95 1-17872 -118 1-6196 -160 1-31627 -13 1 7951-23340 92 1-14380 132 1-26179 75 1-29868 44 1 7963-31276 -24 1-3063 -140 2-31491 -19 1-16476 -124 1 7993-3539 -11 3-1888 42 4-876 134 4-23323 -93 1 8009-5408 -102 2-27811 -65 1-19040 114 1-28315 61 1 8011-21228 -104 1-17403 -121 1-8019 155 1-21640 102 1 8017-16443 -125 1-6648 -74 2-24843 -85 1-31779 -17 1 8039-7192 158 1-28556 60 1-31672 22 1-22940 -96 1 8053-6964 -66 2-32176 6 1-25651 81 1-22011 101 1 8059-30636 -40 1-24315 89 1-7995 16 2-31080 -34 1 8069-32267 -3 1-32020 16 1-9776 150 1-1807 58 4 8081-22123 -101 1-30115 47 1-32128 14 1-1520 162 2 8087-31772 24 1-32344 2 1-21112 106 1-31324 -32 1 8089-29331 55 1-8947 -153 1-7360 54 2-896 -10 6 8093-31147 35 1-32228 12 1-20708 -108 1-32363 3 1 8101-275 -173 3-11668 -144 1-30003 49 1-3612 134 2 8111-30680 42 1-1240 -38 5-11708 -144 1-31148 36 1 8117-10859 147 1-31684 -28 1-27284 72 1-7948 -26 2 8123-26716 -76 1-10291 -149 1-32488 2 1-32236 16 1 8147-32104 -22 1-26659 -77 1-30824 42 1-24844 -88 1 8161-32 -62 30-9235 -153 1-29163 -59 1-984 130 4 8167-2236 -112 3-20124 -112 1-30267 49 1-32632 -6 1 The invariants for the elliptic curves E t for the primes from p 1001 = 7927 to p 1025 = 8167. t 1 2 3 4 5 6 7 8 9 10 11 23-76 -56-56 -56-83 -56-91 - -28-23 -19 a 23-4 -6 6-6 3-6 -1 - -8 0 4 b 23 1 1 1 1 1 1 1-1 1 2 t 12 13 14 15 16 17 18 19 20 21 22 23-88 -76-83 -7-76 -11-88 -43-67 -83-91 a 23 2 4 3-8 4-9 2-7 5-3 1 b 23 1 1 1 2 1 1 1 1 1 1 1 For the prime 23, the invariants of the curve E t, (at t = 8, the curve has bad reduction) 14

t b p = 1 2 3 4 5 6 7 8 9 10 11 12 1 77 10 6 3 0 1 0 2 0 0 0 1 2 74 15 5 1 1 0 1 2 0 0 0 0 3 80 15 1 2 0 1 1 0 0 0 0 0 4 78 14 2 4 0 1 0 0 0 0 0 1 5 82 11 5 1 1 0 0 0 0 0 0 0 6 78 14 5 2 0 1 0 0 0 0 0 0 7 81 12 4 2 1 0 0 0 0 0 0 0 8 76 13 4 5 0 0 0 1 0 0 0 0 9 79 16 2 2 1 0 0 0 0 0 0 0 10 88 6 2 2 0 0 1 0 0 0 0 1 11 75 15 3 5 1 0 0 1 0 0 0 0 12 75 16 6 1 1 0 0 1 0 0 0 0 13 73 15 6 1 2 1 0 1 0 0 0 0 14 79 11 7 2 1 0 0 0 0 0 0 0 15 80 12 3 0 3 1 0 0 0 0 0 0 16 79 12 1 4 0 3 0 0 0 0 0 0 17 84 9 1 2 2 1 0 1 0 0 0 0 18 83 12 3 0 2 0 0 0 0 0 0 0 19 77 16 3 3 1 0 0 0 0 0 0 0 20 81 15 2 1 0 0 0 0 1 0 0 0 21 81 17 2 0 0 0 0 0 0 0 0 0 22 77 17 6 0 0 0 0 0 0 0 0 0 23 73 18 4 3 0 0 0 1 0 0 0 0 24 84 8 3 2 3 0 0 0 0 0 0 0 25 76 10 4 6 1 0 1 2 0 0 0 0 For a given t, the table shows the number of primes in the range p 101 = 547 p p 200 = 1223, the for which the invariant b p of E t is 1, 2..., 15

p b p = 1 2 3 4 5 6 7 8 9 10 11 12 233 187 34 0 8 0 0 1 1 0 0 0 0 239 201 31 0 0 3 0 1 0 0 1 0 0 241 175 33 16 6 3 3 0 3 0 0 0 0 251 206 38 0 0 4 0 0 0 0 0 1 0 257 206 39 0 8 0 0 0 2 0 0 0 0 263 223 37 0 0 0 0 1 0 0 0 0 0 269 209 43 0 11 4 0 0 0 0 0 0 0 271 208 35 18 0 4 4 0 0 0 0 0 0 277 207 35 19 10 0 2 1 0 0 0 0 1 281 219 43 0 9 3 0 2 2 0 1 0 0 283 216 42 19 0 0 3 0 0 1 0 0 0 293 235 44 0 12 0 0 0 0 0 0 0 0 307 235 45 20 0 0 4 0 0 1 0 0 0 311 263 41 0 0 4 0 0 0 0 1 0 0 313 235 40 20 9 0 3 0 2 1 0 0 1 317 257 43 0 13 0 0 2 0 0 0 0 0 331 247 49 22 0 5 4 1 0 1 0 0 0 337 253 42 22 10 0 4 1 2 0 0 0 1 347 288 54 0 0 0 0 1 0 0 0 0 0 349 255 45 23 14 4 4 0 0 1 1 0 0 353 285 51 0 12 0 0 0 2 0 0 1 0 359 300 49 0 0 6 0 1 0 0 0 0 0 367 283 51 25 0 0 5 0 0 0 0 1 0 373 278 48 25 14 0 3 1 0 1 0 0 1 379 284 53 25 0 4 5 1 0 1 2 1 0 Given p, the table shows the number of t in the range 1 t p 1 for which the invariant b p of E t takes the value 1, 2,... References [1] N. Chebotarov, Die Bestimmungder Dichtigkeit einer Menge von Primzahlen, welche zu einer gegebenen Substitutionsklasse gehören Math. Ann., 95 (1926), 191 228. [2] D. A. Cox, Primes of the form x 2 + ny 2. Fermat, class field theory and complex multiplication. John Wiley & Sons, Inc., New York, 1989. [3] P. Deligne, Variétés abéliennes ordinaires sur un corps fini, Invent. Math., 8, (1969), 238-243., [4] M. Deuring, Die Typen der Multiplikatorenringe elliptischer Funktionenkorper, Abh. Math. Sem. Hamburg, 14,(1941), 197-272. [5] L. E. Dickson, Modern algebraic theories, Sanborn, 1926. 16

[6] L. Kiepert, Auflösung der Gleichungen fünften Grades, J. für Math., 87, 114-133 (1878) [7] R.B. King, Beyond the quartic equation. Birkhuser Boston, Inc., Boston, MA, 1996. [8] F. Klein, Lectures on the icosahedron and the solution of equations of the fifth degree. Dover Publications, Inc., New York, N.Y., 1956 [9] S. Lang, Elliptic functions, Addison-Wesley, 1973. [10] F. Oort, Lifting algebraic curves, abelian varieties, and their endomorphisms to characteristic zero. Algebraic geometry, Bowdoin, 1985, 165 195, Proc. Sympos. Pure Math., 46, Part 2, Amer. Math. Soc., Providence, RI, 1987. [11] E.M. Radford, On the solution of certain equations of the seventh degree, Quarterly J. Math. 30, 263-306 (1898) [12] R. Schoof, The exponents of the groups of points on the reductions of an elliptic curve. Arithmetic algebraic geometry (Texel, 1989), 325 335, Progr. Math., 89, Birkhuser Boston, Boston, MA, 1991. [13] J P. Serre,Propriétés galoisiennes des points d ordre fini des courbes elliptiques, Inventiones Math. 15, (1972) 259 331 (= Collected Papers III, 1 73) [14] J. Silverman, The arithmetic of elliptic curves, Springer 1986. [15] G. Shimura, A reciprocity law in non-solvable extensions, J. Crelle 221 (1966), 209 220. [16] G. Shimura and Y. Taniyama, Complex multiplication of abelian varieties and its applications to number theory, The Mathematical Society of Japan, 1961. [17] H.M. Stark, Counting points on CM elliptic curves. Symposium on Diophantine Problems (Boulder, CO, 1994). Rocky Mountain J. Math. 26 (1996), no. 3, 1115 1138. [18] W. C. Waterhouse, Abelian varieties over finite fields. Ann. Sci. cole Norm. Sup. (4) 2 1969 521 560. 17